Intrusion Prevention

Berlios.GPSD.Format.String

Description

This indicates an attempt to exploit a format string vulnerability in Berlios GPSD.
The vulnerability is caused by the application's failure to check user input in "gpsd.c". It allows remote attackers to execute arbitrary code via a malicious tcp packet sent to port 2947.

Affected Products

Berlios GPSD version 1.9.0 through version 2.7

Impact

System Compromise: remote attackers can gain control of vulnerable systems.

Recommended Actions

Upgrade to the latest version, available from the web site:
http://developer.berlios.de/project/showfiles.php?group_id=2116

CVE References

CVE-2004-1388